v3.3.3 (TBD)
See code changes and v3.3 upgrade guide for any breaking changes.
- Adjust election timeout on server restart to reduce disruptive rejoining servers.
- Previously, etcd fast-forwards election ticks on server start, with only one tick left for leader election. This is to speed up start phase, without having to wait until all election ticks elapse. Advancing election ticks is useful for cross datacenter deployments with larger election timeouts. However, it was affecting cluster availability if the last tick elapses before leader contacts the restarted node.
- Now, when etcd restarts, it adjusts election ticks with more than one tick left, thus more time for leader to prevent disruptive restart.
v3.3.2 (2018-03-08)
See code changes and v3.3 upgrade guide for any breaking changes.
- Fix server panic on invalid Election Proclaim/Resign HTTP(S) requests.
- Previously, wrong-formatted HTTP requests to Election API could trigger panic in etcd server.
- e.g.
curl -L http://localhost:2379/v3/election/proclaim -X POST -d '{"value":""}'
,curl -L http://localhost:2379/v3/election/resign -X POST -d '{"value":""}'
.
- Fix revision-based compaction retention parsing.
- Previously,
--auto-compaction-mode revision --auto-compaction-retention 1
was translated to revision retention 3600000000000. - Now,
--auto-compaction-mode revision --auto-compaction-retention 1
is correctly parsed as revision retention 1.
- Previously,
- Prevent overflow by large
TTL
values forLease
Grant
.TTL
parameter toGrant
request is unit of second.- Leases with too large
TTL
values exceedingmath.MaxInt64
expire in unexpected ways. - Server now returns
rpctypes.ErrLeaseTTLTooLarge
to client, when the requestedTTL
is larger than 9,000,000,000 seconds (which is >285 years). - Again, etcd
Lease
is meant for short-periodic keepalives or sessions, in the range of seconds or minutes. Not for hours or days!
- Enable etcd server
raft.Config.CheckQuorum
when starting withForceNewCluster
.
v3.3.1 (2018-02-12)
See code changes and v3.3 upgrade guide for any breaking changes.
- Add warnings on requests taking too long.
- e.g.
etcdserver: read-only range request "key:\"\\000\" range_end:\"\\000\" " took too long [3.389041388s] to execute
- e.g.
- Fix
mvcc
"unsynced" watcher restore operation.- "unsynced" watcher is watcher that needs to be in sync with events that have happened.
- That is, "unsynced" watcher is the slow watcher that was requested on old revision.
- "unsynced" watcher restore operation was not correctly populating its underlying watcher group.
- Which possibly causes missing events from "unsynced" watchers.
- Compile with Go 1.9.4.
v3.3.0 (2018-02-01)
See code changes and v3.3 upgrade guide for any breaking changes.
v3.3.0-rc.4 (2018-01-22)
See code changes and v3.3 upgrade guide for any breaking changes.
v3.3.0-rc.3 (2018-01-17)
See code changes and v3.3 upgrade guide for any breaking changes.
v3.3.0-rc.2 (2018-01-11)
See code changes and v3.3 upgrade guide for any breaking changes.
v3.3.0-rc.1 (2018-01-02)
See code changes and v3.3 upgrade guide for any breaking changes.
v3.3.0-rc.0 (2017-12-20)
See code changes and v3.3 upgrade guide for any breaking changes.
- Use
coreos/bbolt
to replaceboltdb/bolt
. - Support database size larger than 8GiB (8GiB is now a suggested maximum size for normal environments)
- Reduce memory allocation on Range operations.
- Rate limit and randomize lease revoke on restart or leader elections.
- Prevent spikes in Raft proposal rate.
- Support
clientv3
balancer failover under network faults/partitions. - Better warning on mismatched
--initial-cluster
flag.- etcd compares
--initial-advertise-peer-urls
against corresponding--initial-cluster
URLs with forward-lookup. - If resolved IP addresses of
--initial-advertise-peer-urls
and--initial-cluster
do not match (e.g. due to DNS error), etcd will exit with errors.- v3.2 error:
--initial-cluster must include s1=https://s1.test:2380 given --initial-advertise-peer-urls=https://s1.test:2380
. - v3.3 error:
failed to resolve https://s1.test:2380 to match --initial-cluster=s1=https://s1.test:2380 (failed to resolve "https://s1.test:2380" (error ...))
.
- v3.2 error:
- etcd compares
- Require Go 1.9+.
- Compile with Go 1.9.3.
- Deprecate
golang.org/x/net/context
.
- Require
google.golang.org/grpc
v1.7.4
orv1.7.5
.- Deprecate
metadata.Incoming/OutgoingContext
. - Deprecate
grpclog.Logger
, upgrade togrpclog.LoggerV2
. - Deprecate
grpc.ErrClientConnTimeout
errors inclientv3
. - Use
MaxRecvMsgSize
andMaxSendMsgSize
to limit message size, in etcd server.
- Deprecate
- Upgrade
github.com/grpc-ecosystem/grpc-gateway
v1.2.2
tov1.3.0
. - Translate gRPC status error in v3 client
Snapshot
API. - Upgrade
github.com/ugorji/go/codec
for v2client
.- Regenerated v2
client
source code with latestugorji/go/codec
.
- Regenerated v2
- v3
etcdctl
lease timetolive LEASE_ID
on expired lease now prints"lease LEASE_ID already expired"
.- <=3.2 prints
"lease LEASE_ID granted with TTL(0s), remaining(-1s)"
.
- <=3.2 prints
- Add
--experimental-enable-v2v3
flag to emulate v2 API with v3. - Add
--experimental-corrupt-check-time
flag to raise corrupt alarm monitoring. - Add
--experimental-initial-corrupt-check
flag to check database hash before serving client/peer traffic. - Add
--max-txn-ops
flag to configure maximum number operations in transaction. - Add
--max-request-bytes
flag to configure maximum client request size.- If not configured, it defaults to 1.5 MiB.
- Add
--client-crl-file
,--peer-crl-file
flags for Certificate revocation list. - Add
--peer-cert-allowed-cn
flag to support CN-based auth for inter-peer connection. - Add
--listen-metrics-urls
flag for additional/metrics
endpoints.- Support additional (non) TLS
/metrics
endpoints for a TLS-enabled cluster. - e.g.
--listen-metrics-urls=https://localhost:2378,http://localhost:9379
to serve/metrics
in secure port 2378 and insecure port 9379. - Useful for bypassing critical APIs when monitoring etcd.
- Support additional (non) TLS
- Add
--auto-compaction-mode
flag to support revision-based compaction. - Change
--auto-compaction-retention
flag to accept string values with finer granularity.- e.g.
--auto-compaction-mode=periodic --auto-compaction-retention=30m
automaticallyCompact
on latest revision every 30-minute. - e.g.
--auto-compaction-mode=revision --auto-compaction-retention=1000
automaticallyCompact
on"latest revision" - 1000
every 5-minute (when latest revision is 30000, compact on revision 29000).
- e.g.
- Add
--grpc-keepalive-min-time
,--grpc-keepalive-interval
,--grpc-keepalive-timeout
flags to configure server-side keepalive policies. - Serve
/health
endpoint as unhealthy when alarm (e.g.NOSPACE
) is raised or there's no leader.- Define
etcdhttp.Health
struct with JSON encoder. - Note that
"health"
field isstring
type, notbool
.- e.g.
{"health":"false"}
,{"health":"true"}
- e.g.
- Remove
"errors"
field sincev3.3.0-rc.3
(did exist only inv3.3.0-rc.0
,v3.3.0-rc.1
,v3.3.0-rc.2
).
- Define
- Move logging setup to embed package
- Disable gRPC server info-level logs by default (can be enabled with
etcd --debug
flag).
- Disable gRPC server info-level logs by default (can be enabled with
- Use monotonic time in Go 1.9 for
lease
package. - Warn on empty hosts in advertise URLs.
- Address advertise client URLs accepts empty hosts.
- etcd
v3.4
will exit on this error.- e.g.
--advertise-client-urls=http://:2379
.
- e.g.
- Warn on shadowed environment variables.
- Address error on shadowed environment variables.
- etcd
v3.4
will exit on this error.
- Support ranges in transaction comparisons for disconnected linearized reads.
- Add nested transactions to extend proxy use cases.
- Add lease comparison target in transaction.
- Add lease list.
- Add hash by revision for better corruption checking against boltdb.
- Add health balancer to fix watch API hangs, improve endpoint switch under network faults.
- Refactor balancer and add client-side keepalive pings to handle network partitions.
- Add
MaxCallSendMsgSize
andMaxCallRecvMsgSize
fields toclientv3.Config
.- Fix exceeded response size limit error in client-side.
- Address kubernetes#51099.
- In previous versions(v3.2.10, v3.2.11), client response size was limited to only 4 MiB.
MaxCallSendMsgSize
default value is 2 MiB, if not configured.MaxCallRecvMsgSize
default value ismath.MaxInt32
, if not configured.
- Accept
Compare_LEASE
inclientv3.Compare
. - Add
LeaseValue
helper toCmp
LeaseID
values inTxn
. - Add
MoveLeader
toMaintenance
. - Add
HashKV
toMaintenance
. - Add
Leases
toLease
. - Add
clientv3/ordering
for enforce ordering in serialized requests.
- Add
backup --with-v3
flag.
- Add
--discovery-srv
flag. - Add
--keepalive-time
,--keepalive-timeout
flags. - Add
lease list
command. - Add
lease keep-alive --once
flag. - Make
lease timetolive LEASE_ID
on expired lease printlease LEASE_ID already expired
.- <=3.2 prints
lease LEASE_ID granted with TTL(0s), remaining(-1s)
.
- <=3.2 prints
- Add
snapshot restore --wal-dir
flag. - Add
defrag --data-dir
flag. - Add
move-leader
command. - Add
endpoint hashkv
command. - Add
endpoint --cluster
flag, equivalent to v2etcdctl cluster-health
. - Make
endpoint health
command terminate with non-zero exit code on unhealthy status. - Add
lock --ttl
flag. - Support
watch [key] [range_end] -- [exec-command…]
, equivalent to v2etcdctl exec-watch
.- Make
watch -- [exec-command]
set environmental variablesETCD_WATCH_REVISION
,ETCD_WATCH_EVENT_TYPE
,ETCD_WATCH_KEY
,ETCD_WATCH_VALUE
for each event.
- Make
- Support
watch
with environmental variablesETCDCTL_WATCH_KEY
andETCDCTL_WATCH_RANGE_END
. - Enable
clientv3.WithRequireLeader(context.Context)
forwatch
command. - Print
"del"
instead of"delete"
intxn
interactive mode. - Print
ETCD_INITIAL_ADVERTISE_PEER_URLS
inmember add
.
- Add
etcd --listen-metrics-urls
flag for additional/metrics
endpoints.- Useful for bypassing critical APIs when monitoring etcd.
- Add
etcd_server_version
Prometheus metric.- To replace Kubernetes
etcd-version-monitor
.
- To replace Kubernetes
- Add
etcd_debugging_mvcc_db_compaction_keys_total
Prometheus metric. - Add
etcd_debugging_server_lease_expired_total
Prometheus metric.- To improve lease revoke monitoring.
- Document Prometheus 2.0 rules.
- Initialize gRPC server metrics with zero values.
- Add
grpc-proxy start --experimental-leasing-prefix
flag.- For disconnected linearized reads.
- Based on V system leasing.
- See "Disconnected consistent reads with etcd" blog post.
- Add
grpc-proxy start --experimental-serializable-ordering
flag.- To ensure serializable reads have monotonically increasing store revisions across endpoints.
- Add
grpc-proxy start --metrics-addr
flag for an additional/metrics
endpoint.- Set
--metrics-addr=http://[HOST]:9379
to serve/metrics
in insecure port 9379.
- Set
- Serve
/health
endpoint in grpc-proxy. - Add
grpc-proxy start --debug
flag. - Add
grpc-proxy start --max-send-bytes
flag to configure maximum client request size. - Add
grpc-proxy start --max-recv-bytes
flag to configure maximum client request size.
- Replace gRPC gateway endpoint with
/v3beta
.- To deprecate
/v3alpha
inv3.4
.
- To deprecate
- Support "authorization" token.
- Support websocket for bi-directional streams.
- Upgrade gRPC gateway to v1.3.0.
- Add non-voting member.
- To implement Raft thesis 4.2.1 Catching up new servers.
Learner
node does not vote or promote itself.
- Add CRL based connection rejection to manage revoked certs.
- Document TLS authentication changes.
- Server accepts connections if IP matches, without checking DNS entries. For instance, if peer cert contains IP addresses and DNS names in Subject Alternative Name (SAN) field, and the remote IP address matches one of those IP addresses, server just accepts connection without further checking the DNS names.
- Server supports reverse-lookup on wildcard DNS
SAN
. For instance, if peer cert contains only DNS names (no IP addresses) in Subject Alternative Name (SAN) field, server first reverse-lookups the remote IP address to get a list of names mapping to that address (e.g.nslookup IPADDR
). Then accepts the connection if those names have a matching name with peer cert's DNS names (either by exact or wildcard match). If none is matched, server forward-lookups each DNS entry in peer cert (e.g. look upexample.default.svc
when the entry is*.example.default.svc
), and accepts connection only when the host's resolved addresses have the matching IP address with the peer's remote IP address.
- Add
etcd --peer-cert-allowed-cn
flag.- To support CommonName(CN) based auth for inter peer connection.
- Swap priority of cert CommonName(CN) and username + password.
- Protect lease revoke with auth.
- Provide user's role on auth permission error.
- Fix auth store panic with disabled token.
- Update
golang.org/x/crypto/bcrypt
(see golang/crypto@6c586e1).
- Fail-over v2 client to next endpoint on oneshot failure.
- Put back
/v2/machines
endpoint for python-etcd wrapper.
- Fix range/put/delete operation metrics with transaction.
etcd_debugging_mvcc_range_total
etcd_debugging_mvcc_put_total
etcd_debugging_mvcc_delete_total
etcd_debugging_mvcc_txn_total
- Fix
etcd_debugging_mvcc_keys_total
on restore. - Fix
etcd_debugging_mvcc_db_total_size_in_bytes
on restore.- Also change to
prometheus.NewGaugeFunc
.
- Also change to
- Fix backend database in-memory index corruption issue on restore (only 3.2.0 is affected).
- Fix watch restore from snapshot.
- Fix "put at-most-once" in
clientv3
. - Handle empty key permission in
etcdctl
. - Fix
mvcc/backend.defragdb
nil-pointer dereference on create bucket failure. - Fix server crash on invalid transaction request from gRPC gateway.
- Prevent server panic from member update/add with wrong scheme URLs.
- Fix
clientv3.WatchResponse.Canceled
on compacted watch request. - Handle WAL renaming failure on Windows.
- Make peer dial timeout longer.
- See coreos/etcd-operator#1300 for more detail.
- Make server wait up to request time-out with pending RPCs.
- Fix
grpc.Server
panic onGracefulStop
with TLS-enabled server. - Fix "multiple peer URLs cannot start" issue.
- Fix server-side auth so concurrent auth operations do not return old revision error.
- Fix
concurrency/stm
Put
with serializable snapshot.- Use store revision from first fetch to resolve write conflicts instead of modified revision.
- Fix
grpc-proxy
Snapshot API error handling. - Fix
grpc-proxy
KV APIPrevKv
flag handling. - Fix
grpc-proxy
KV APIKeysOnly
flag handling. - Upgrade
coreos/go-systemd
tov15
(see https://github.com/coreos/go-systemd/releases/tag/v15).
- Support previous two minor versions (see our new release policy).
v3.3.x
is the last release cycle that supportsACI
.- AppC was officially suspended, as of late 2016.
acbuild
is not maintained anymore.*.aci
files won't be available from etcdv3.4
release.
- Add container registry
gcr.io/etcd-development/etcd
.- quay.io/coreos/etcd is still supported as secondary.